diff options
Diffstat (limited to 'keystone-moon/debian/docs')
-rw-r--r-- | keystone-moon/debian/docs/scripts/keystone.base-deployment.sh | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/keystone-moon/debian/docs/scripts/keystone.base-deployment.sh b/keystone-moon/debian/docs/scripts/keystone.base-deployment.sh new file mode 100644 index 00000000..ba325eb8 --- /dev/null +++ b/keystone-moon/debian/docs/scripts/keystone.base-deployment.sh @@ -0,0 +1,68 @@ + +#!/bin/sh +# Script to create base roles on keystone database +set -e + +# ToDo: Check service is running and token properly set + +TOKEN=`gawk 'match ($0, /^admin_token\s?=\s?(.*)/, ary){ print ary[1]}' /etc/keystone/keystone.conf` +export SERVICE_TOKEN=${TOKEN:-"ADMIN"} +export SERVICE_ENDPOINT="http://localhost:35357/v2.0/" + +if ! timeout 20 sh -c "while ! http_proxy= wget -q -O- ${SERVICE_ENDPOINT}; do sleep 1; done" +then + echo "keystone not running" + exit 1 +fi + + +create_role() { + id=`keystone role-list | grep " $1 " | awk '{ print $2 }'` + if [ -z $id ]; then + id=`keystone role-create --name=$1 | grep " id " | awk '{ print $4 }'` + echo "Created role $1 with id $id" + fi +} + +get_id() { + keystone $1-list | grep " $2 " | awk '{ print $2 }' +} + +create_role admin +create_role Member +create_role KeystoneAdmin +create_role KeystoneServiceAdmin +create_role sysadmin +create_role netadmin + +ADMIN_TENANT=`keystone tenant-create --name=admin | awk '/ id / { print $4 }'` +DEMO_TENANT=`keystone tenant-create --name=demo | awk '/ id / { print $4 }'` +SERVICE_TENANT=`keystone tenant-create --name=service | awk '/ id / { print $4 }'` + +keystone user-create --name=admin --pass="admin" --email=admin@example.com +keystone user-create --name=demo --pass="demo" --email=admin@example.com + +ADMIN_ROLE=`get_id role admin` +MEMBER_ROLE=`get_id role Member` +SYSADMIN_ROLE=`get_id role sysadmin` +NETADMIN_ROLE=`get_id role netadmin` +ADMIN_USER=`get_id user admin` +DEMO_USER=`get_id user demo` + +keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT +keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT +keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT +keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT +keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT + +keystone service-create --name=nova --type=compute --description="Nova Compute Service" +NOVA_USER=`keystone user-create --name=nova --pass="nova" --email=nova@example.com | awk '/ id / { print $4 }'` +keystone user-role-add --user $NOVA_USER --role $ADMIN_ROLE --tenant_id $SERVICE_TENANT +keystone service-create --name=ec2 --type=ec2 --description="EC2 Compatibility Layer" +keystone service-create --name=glance --type=image --description="Glance Image Service" +GLANCE_USER=`keystone user-create --name=glance --pass="glance" --email=glance@example.com | awk '/ id / { print $4 }'` +keystone user-role-add --user $GLANCE_USER --role $ADMIN_ROLE --tenant_id $SERVICE_TENANT +keystone service-create --name=keystone --type=identity --description="Keystone Identity Service" + +# Use only whit quantum networking +#keystone service-create --name=quantum --type=network --description="Quantum Service" |